XSS Attacks Pushing Fake Antivirus
According to the security researchers at Zscaler (a cloud security company), malware distributors are exploiting security flaws in news.com.au, lawyer.com, appleinsider.com and many other legitimate websites to thrust fake antivirus software on unwitting computer users.
Zscaler states that the currently spreading attacks are worth noting because they exploit cross-site scripting (XSS) flaws to conceal malicious links inside the URLs of reputable websites. Consequently, people hoping to view websites that they know and trust land on a page that makes them think their PCs are infected by malware.
Mike Geide, Senior Security Researcher at Zscaler, said that the interesting fact about the attacks was that they had embedded iframes to divert people elsewhere, as reported by The Register on December 16, 2009.
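The following is an added example, not code from the article or from Zscaler. It shows how a defender could scan proxy or web-server logs for the pattern described above: a URL on a trusted site whose query string carries an iframe pointing at a different host. The function names and the `.example` hostnames are constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import parse_qsl, unquote, urlsplit

# Matches an <iframe ...> tag and captures its src value (quoted or unquoted).
IFRAME_SRC = re.compile(r"<\s*iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding and HTML entities, with a bounded loop."""
    for _ in range(max_rounds):
        decoded = unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def injected_iframes(url):
    """Return (parameter, iframe host) pairs for off-site iframes in the query."""
    parts = urlsplit(url)
    site = (parts.hostname or "").lower()
    findings = []
    # parse_qsl already removes one layer of percent-encoding from each value.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        for src in IFRAME_SRC.findall(fully_decode(raw)):
            if src.startswith("//"):          # scheme-relative URL
                src = "http:" + src
            host = (urlsplit(src).hostname or "").lower()
            # Relative src values have no host and are skipped.
            if host and host != site and not host.endswith("." + site):
                findings.append((name, host))
    return findings

# Constructed sample requests (not taken from any real log).
SAMPLE_URLS = [
    "http://news.example/search?q=fake+antivirus+iframe",
    "http://news.example/search?q=%3Ciframe%20src%3D%22http%3A%2F%2F"
    "scareware.example%2Fscan%22%3E%3C%2Fiframe%3E",
    "http://news.example/search?q=%253Ciframe%2520src%253D%2F%2F"
    "scareware.example%2Fscan%253E",
    "http://news.example/p?w=%3Ciframe+src%3D%22http%3A%2F%2Fnews.example%2Fad%22%3E",
]

def scan(urls):
    """Map each flagged URL to its findings; clean URLs are omitted."""
    return {u: f for u in urls if (f := injected_iframes(u))}

if __name__ == "__main__":
    for url, hits in scan(SAMPLE_URLS).items():
        print(hits, url)
```

The third sample is double-encoded, which is why the decoder loops instead of decoding once.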
It is still not known which individual or group is responsible for the XSS attacks. However, the motive behind them is not difficult to understand: to exploit people's faith in a familiar website so that malware distributors can load fake antivirus software on the maximum number of computers possible.
Moreover, these malware distributors also exploit the large time gap between the injection of malicious software into users' computers and the development by AV firms of an antivirus product that detects and blocks that software.
As earlier exploration of such AV software has indicated, cyber criminals who push fake AV programs make huge sums in dollars every month.
Further, hijacking legitimate websites to distribute fake antivirus is nothing new. Earlier this year (2009), criminals hijacked the website of the NY Times for the same purpose, and soon thereafter the Gizmodo site as well.
In fact, security companies describe FAKEAV as a rising hidden threat that has escalated greatly in recent years. Computer security company PandaLabs substantiated this with its detection of 374,000 FAKEAVs during Q2 2009. McAfee, another security company, also reported a similar trend.
Finally, it can be said that the threat of fake antivirus needs to be tackled urgently.
» SPAMfighter News - 29-12-2009